github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-03-09 03:33:36 -05:00
Code Issues 144 Packages Projects Releases 116 Wiki Activity

versionName=2025.5.0 (of beta.aab), when installed via the F-Droid repository, does not register as the default FIDO2 URI consumer in FPOS (AOSP 15). #2095

New Issue
Open
opened 2025-11-26 23:08:00 -06:00 by GiteaMirror · 2 comments
GiteaMirror commented 2025-11-26 23:08:00 -06:00
Owner
Copy Link

Originally created by @RokeJulianLockhart on GitHub (Dec 5, 2024).

Steps To Reproduce

  1. Have com.google.android.gms preinstalled.

  2. Install the equivalent of v2024.11.7/com.x8bit.bitwarden-standard-beta.aab from the F-Droid repository.

  3. Invoke a FIDO:/ schema-prefixed URI (like FIDO:/13086400838107303667332719012595115747821895775708323189557153075146383351399743589971313508078026948312026786722471666005727649643501784024544726574771401798171307406596245). 1

Expected Result

com.x8bit.bitwarden should have intercepted the activity, because it does when using addons.mozilla.org/firefox/downloads/file/4392295/bitwarden_password_manager-2024.11.2.xpi on:

  1. firefox-nightly-for-developers-135-0a1-5-android-apk

  2. 41/fedora-updates-x86_64/firefox-133.0-2.fc41.x86_64.rpm

Actual Result

The default handler appears to be com.google.android.gms/.fido.fido2.ui.hybrid.HybridAuthenticateActivity. 2

Screenshots or Videos

I possess them, but don't want to upload them yet because I don't know whether displaying a real FIDO URI is insecure.

Additional Context

  1. airsdk/Adobe-Runtime-Support/discussions/2451#discussioncomment-4847347 appears to explain, somewhat, how to implement the association.

  2. stackoverflow.com/revisions/75651445/6 explains how to decode such a URI.

Build Version

v2024.11.7/com.x8bit.bitwarden-standard-beta.aab

What server are you connecting to?

US

Environment Details

  1. #!/usr/bin/env sh
adb shell getprop

  2. [ro.build.version.release]: [14]
[ro.build.product]: [FP5]
[ro.build.display.id]: [FP5.UT2E.B.078.20241105]

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Originally created by @RokeJulianLockhart on GitHub (Dec 5, 2024). ### Steps To Reproduce 1. Have `com.google.android.gms` preinstalled. 1. Install the equivalent of [`v2024.11.7/com.x8bit.bitwarden-standard-beta.aab`](https://github.com/bitwarden/android/releases/download/v2024.11.7/com.x8bit.bitwarden-standard-beta.aab) from [the F-Droid repository](https://github.com/bitwarden/f-droid/blob/868bd8f24f4c0bbba540f559faceb22609cf3172/README.md?plain=1#L13). 1. Invoke a `FIDO:/` schema-prefixed URI (like [`FIDO:/13086400838107303667332719012595115747821895775708323189557153075146383351399743589971313508078026948312026786722471666005727649643501784024544726574771401798171307406596245`](FIDO:/13086400838107303667332719012595115747821895775708323189557153075146383351399743589971313508078026948312026786722471666005727649643501784024544726574771401798171307406596245)). [^2] [^2]: [`stackoverflow.com/revisions/75651445/6`](https://stackoverflow.com/revisions/75651445/6#:~:text=an%20example%20I%20created%20from,FIDO:/13086400838107303667332719012595115747821895775708323189557153075146383351399743589971313508078026948312026786722471666005727649643501784024544726574771401798171307406596245) ### Expected Result `com.x8bit.bitwarden` should have intercepted the activity, because *it does* when using [`addons.mozilla.org/firefox/downloads/file/4392295/bitwarden_password_manager-2024.11.2.xpi`](https://addons.mozilla.org/firefox/downloads/file/4392295/bitwarden_password_manager-2024.11.2.xpi) on: 1. [`firefox-nightly-for-developers-135-0a1-5-android-apk`](https://www.apkmirror.com/apk/mozilla/firefox-fenix/firefox-fenix-135-0a1-release/firefox-nightly-for-developers-135-0a1-5-android-apk-download/) 1. [`41/fedora-updates-x86_64/firefox-133.0-2.fc41.x86_64.rpm`](https://fedora.pkgs.org/41/fedora-updates-x86_64/firefox-133.0-2.fc41.x86_64.rpm.html#:~:text=Package%20filename-,firefox%2D133.0%2D2.fc41.x86_64.rpm,-Package%20name%20%09firefox) ### Actual Result The default handler appears to be `com.google.android.gms/.fido.fido2.ui.hybrid.HybridAuthenticateActivity`. [^1] [^1]: [`android.stackexchange.com/revisions/258784/3`](https://android.stackexchange.com/revisions/258784/3#:~:text=adb%20shell%20dumpsys%20activity%20activities%20%7C%20grep%20topResumedActivity=%20%7C%20awk%20'%7B%20print%20$3%20%7D') ### Screenshots or Videos I possess them, but don't want to upload them yet because I don't know whether displaying a *real* FIDO URI is insecure. ### Additional Context 1. [`airsdk/Adobe-Runtime-Support/discussions/2451#discussioncomment-4847347`](https://github.com/airsdk/Adobe-Runtime-Support/discussions/2451#discussioncomment-4847347) appears to explain, somewhat, how to implement the association. 1. [`stackoverflow.com/revisions/75651445/6`](https://stackoverflow.com/revisions/75651445/6) explains how to decode such a URI. ### Build Version [`v2024.11.7/com.x8bit.bitwarden-standard-beta.aab`](https://github.com/bitwarden/android/releases/download/v2024.11.7/com.x8bit.bitwarden-standard-beta.aab) ### What server are you connecting to? US <!-- ### Self-host Server Version [`v2024.11.0`](https://github.com/bitwarden/server/releases/tag/v2024.11.0) --> ### Environment Details 1. ~~~sh #!/usr/bin/env sh adb shell getprop ~~~ 1. > ~~~YAML > [ro.build.version.release]: [14] > [ro.build.product]: [FP5] > [ro.build.display.id]: [FP5.UT2E.B.078.20241105] > ~~~ ### Issue Tracking Info - [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the app:password-managerbug labels 2025-11-26 23:08:01 -06:00
GiteaMirror commented 2025-11-26 23:08:01 -06:00
Author
Owner
Copy Link

@bitwarden-bot commented on GitHub (Dec 5, 2024):

Thank you for your report! We've added this to our internal board for review.
ID: PM-15580

@bitwarden-bot commented on GitHub (Dec 5, 2024): Thank you for your report! We've added this to our internal board for review. ID: PM-15580
GiteaMirror commented 2025-11-26 23:08:02 -06:00
Author
Owner
Copy Link

@RokeJulianLockhart commented on GitHub (Jun 23, 2025):

At issues/4669#issue-2825133828, I see a flow which doesn't occur for me: I see no modal.

@RokeJulianLockhart commented on GitHub (Jun 23, 2025): At [`issues/4669#issue-2825133828`](https://github.com/bitwarden/android/issues/4669#issue-2825133828), I see a flow which doesn't occur for me: I see no modal.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label app:password-manager bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#2095
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?